Business Compliance13 min read26 April 2026

Singapore SME Compliance Requirements: Complete 2026 Regulatory Guide

Complete guide to regulatory compliance for Singapore SMEs in 2026. Covers PDPA, Employment Act, WSHA, ACRA, CPF, GST, and industry-specific regulations with practical checklists and deadlines.

ComplyHQ Team

Singapore SME Compliance Requirements: Complete 2026 Regulatory Guide

Running an SME in Singapore means navigating multiple regulatory frameworks simultaneously. Data protection, employment law, workplace safety, tax, and corporate governance all apply from day one — and the penalties for non-compliance are significant.

This guide consolidates the key compliance requirements every Singapore SME must know, with practical checklists and deadlines.

1. PDPA — Personal Data Protection Act

The PDPA governs how your business collects, uses, and discloses personal data. It applies to every private sector organisation in Singapore regardless of size.

Key Obligations

Penalties

Fines of up to S$1 million or 10% of annual turnover (whichever is higher) for organisations with annual turnover exceeding S$10 million. See our detailed penalties guide.

Action

Start with the PDPA Compliance Checklist to assess your current status.

2. Employment Act

The Employment Act is Singapore's primary employment legislation. Since the 2019 amendments, it covers all employees under a contract of service (with limited exceptions).

Key Obligations

  • Salary payment: Pay within 7 days of the end of each salary period
  • Payslips: Provide itemised payslips for every payment
  • Leave entitlements: Annual leave (7-14 days), sick leave (14 days outpatient + 60 days hospitalisation), maternity leave (16 weeks), paternity leave (2 weeks)
  • Working hours: Maximum 44 hours per week (or 48 with a shorter day)
  • Overtime: Pay at 1.5x rate for eligible employees exceeding normal hours
  • Public holidays: 11 gazetted public holidays per year
  • Termination notice: Per contract or statutory minimums (1 day to 4 weeks depending on service length)
  • Key Employment Terms (KETs): Written KETs must be provided within 14 days of starting work

Penalties

Fines of up to S$5,000 per offence, and repeat offenders may face imprisonment. MOM actively investigates complaints.

3. Workplace Safety and Health Act (WSHA)

The WSHA requires every employer to ensure workplace safety and health as far as reasonably practicable.

Key Obligations

  • Conduct risk assessments for all workplace activities
  • Implement safety measures to eliminate or reduce risks
  • Report workplace accidents and dangerous occurrences to MOM
  • Provide safety training for employees in hazardous roles
  • Maintain workplace safety documentation
  • Appoint a Workplace Safety and Health Officer (for specified workplaces)

Penalties

Fines of up to S$500,000 and/or imprisonment of up to 2 years for failing to ensure safety. Penalties increase for repeat offences and cases resulting in death or injury.

4. ACRA — Corporate Governance

All Singapore companies registered with ACRA must maintain proper corporate governance.

Key Obligations

  • Annual return: File within 30 days of your AGM
  • AGM: Hold within 6 months of financial year end (for non-exempt companies)
  • Company secretary: Appoint within 6 months of incorporation; must be a Singapore resident
  • Registered office: Maintain a registered office address in Singapore (open during business hours)
  • Statutory registers: Keep registers of directors, members, and charges
  • Change notifications: File changes (directors, address, share structure) within 14 days

Penalties

Late filing penalties start at S$300 and increase over time. Failure to hold an AGM or file annual returns can result in prosecution and fines up to S$5,000.

5. CPF — Central Provident Fund

If you employ any Singapore Citizens or Permanent Residents, CPF contributions are mandatory.

Key Obligations

  • Contribution rates: Employer contributes 17% (for employees aged 55 and below earning >S$750/month), employee contributes 20%
  • Payment deadline: By the 14th of the following month (late penalties apply from the 15th)
  • New hires: Contributions start from the first month of employment
  • Foreign employees: No CPF contribution required (but levy applies for Work Permit holders)

Penalties

Late CPF payment incurs interest of 1.5% per month on the outstanding amount. Persistent defaulters face prosecution.

6. Tax — IRAS

Corporate Tax

  • Filing deadline: File estimated chargeable income (ECI) within 3 months of financial year end
  • Annual return: File Form C-S or Form C by 30 November (for financial years ending 31 December)
  • Corporate tax rate: 17% (with partial exemption scheme for first S$200,000)
  • Record keeping: Maintain business records for at least 5 years

GST

  • Registration threshold: Mandatory registration if taxable turnover exceeds S$1 million in the past 12 months (or is expected to exceed S$1 million in the next 12 months)
  • Filing frequency: Quarterly GST returns (due 1 month after the end of each accounting period)
  • Current rate: 9% (since 1 January 2024)

7. Industry-Specific Compliance

Depending on your sector, additional regulations may apply:

Food and Beverage

  • SFA food shop licence
  • NEA food hygiene requirements
  • Food Safety and Hygiene Course for food handlers

Healthcare

  • MOH private hospital/clinic licence
  • Healthcare Services Act requirements
  • Private Hospitals and Medical Clinics Act

Financial Services

  • MAS licensing requirements
  • Anti-money laundering (AML) obligations
  • Payment Services Act compliance

Education

  • Registration with Committee for Private Education (CPE)
  • EduTrust certification requirements

Construction

  • BCA licensing requirements
  • Workplace safety requirements (enhanced under WSHA)

Compliance Calendar: Key Annual Deadlines

Here are the deadlines every Singapore SME should track:

Monthly

  • CPF contributions by the 14th of each month
  • Payslip distribution within 3 days of salary payment

Quarterly

  • GST returns (if GST-registered) due 1 month after quarter end

Annually

  • ACRA annual return within 30 days of AGM
  • AGM within 6 months of financial year end
  • IRAS ECI filing within 3 months of financial year end
  • IRAS annual tax return by 30 November (for Dec year-end)
  • PDPA annual compliance review (recommended, not statutory)
  • Workplace risk assessment review (annually or when processes change)

How to Stay Compliant Without a Legal Team

Most SMEs do not have in-house legal or compliance teams. Here is how to manage compliance practically:

Use Compliance Software

Tools like ComplyHQ automate PDPA compliance — gap assessments, policy generation, data inventory management, and ongoing monitoring. For employment law and WSHA, consider HR software with built-in compliance features.

Leverage Government Resources

Singapore's government provides extensive free resources:

  • PDPC: Free compliance toolkit and data protection notice generator
  • MOM: Employment practices guidelines and template KETs
  • ACRA: BizFile+ online filing system
  • Enterprise Singapore: PSG Grant for compliance software (up to 50% subsidy)

Establish a Compliance Calendar

Set calendar reminders for all statutory deadlines. Missing a CPF payment by one day incurs penalties. Late ACRA filings accumulate fines. A simple shared calendar with reminders prevents costly oversights.

Get Professional Help Where It Matters

Some compliance areas justify professional help:

  • Company secretary: Required by law; handles ACRA filings
  • Accountant: Tax filing and GST compliance
  • PDPA compliance: DIY with tools like ComplyHQ, or engage a consultant for complex data processing

For most SMEs, total annual compliance costs range from S$1,300 to S$5,800 — far less than the fines for non-compliance.

How ComplyHQ Fits In

ComplyHQ handles the PDPA compliance piece of your regulatory obligations:

  • AI-powered gap assessment identifies where you stand across all 10 PDPA obligations
  • Policy generator creates compliant privacy policies, data protection policies, and breach response plans
  • Data inventory builder maps your data flows across systems and vendors
  • Ongoing monitoring alerts you to regulatory changes that affect your business
  • PSG Grant eligible — up to 50% subsidy for qualifying Singapore SMEs

Start with a free assessment. It takes 15 minutes and gives you a clear compliance score with actionable next steps.

Related Resources

Simplify Your Compliance

ComplyHQ's AI can assess your PDPA compliance gaps in under 15 minutes and generate the policies you need.

Try Free Assessment

Frequently Asked Questions

What are the most important compliance requirements for Singapore SMEs?
The core requirements are: ACRA annual filing, PDPA data protection compliance, Employment Act compliance (if you have employees), CPF contributions, income tax filing with IRAS, and workplace safety under WSHA. Industry-specific requirements (food licensing, financial regulation, healthcare licensing) may also apply depending on your business.
What happens if my SME fails to comply with Singapore regulations?
Consequences vary by regulation. PDPA non-compliance can result in fines up to S$1 million. Employment Act breaches can lead to prosecution and fines up to S$5,000 per offence. WSHA violations carry fines up to S$500,000 and imprisonment. ACRA late filing incurs penalties starting at S$300. The reputational damage and operational disruption from non-compliance often cost more than the fines themselves.
How much does compliance cost for a small business in Singapore?
Basic compliance costs for a small business typically include: company secretary (S$300-800/year), accounting and tax filing (S$500-2,000/year), and PDPA compliance tools or consultancy (S$500-3,000/year). Total basic compliance costs range from S$1,300 to S$5,800 per year. Government grants like PSG can subsidise up to 50% of qualifying compliance software costs.
Do I need a compliance officer for my Singapore SME?
There is no general requirement for a dedicated compliance officer, but you must appoint a Data Protection Officer under the PDPA and a company secretary under the Companies Act. For workplace safety, businesses in certain sectors must appoint a Workplace Safety and Health Officer. In practice, for most SMEs, one person (often the owner or a senior manager) handles multiple compliance roles.
Are there government grants to help with compliance costs?
Yes. The Productivity Solutions Grant (PSG) provides up to 50% funding for qualifying compliance software and digital solutions. The Enterprise Development Grant (EDG) can fund larger compliance projects. SkillsFuture subsidises compliance training courses. Check the Business Grants Portal for current eligibility and available grants.

Ready to get PDPA compliant?

Stop guessing about compliance. ComplyHQ uses AI to assess your gaps, generate policies, and guide you through every PDPA obligation.

Start Free AssessmentView Pricing
Gap AssessmentPolicy GeneratorAI Compliance Chat

Related Articles

17 April 202610 min read

PSG Grant for Singapore SMEs: How to Get Up to 50% Off Business Solutions (2026 Guide)

Complete guide to Singapore's Productivity Solutions Grant (PSG). Learn eligibility, application process, qualifying solutions, and how to save up to 50% on compliance and business tools.

Read more
26 April 202611 min read

Best PDPA Compliance Software for Singapore SMEs (2026 Comparison)

Compare the best PDPA compliance software for Singapore SMEs in 2026. Features, pricing, PSG eligibility, and which tool is right for your business size and budget.

Read more
26 April 202613 min read

MAS Compliance for Singapore SMEs: What You Need to Know in 2026

Complete guide to MAS compliance requirements for Singapore SMEs. Covers licensing, AML/CFT obligations, Technology Risk Management, consumer protection rules, and PDPA intersection.

Read more